Hacked! (Or "Why I Hate People")

[gerid]

But... isn't there a way to ban an ip if they use a wrong username/password 10 times or something like that? of course, not eternally... just for 24 hours or so...

[Xepher]

That's what I'm implementing, but it requires features added to the kernel, which is the one, single thing in linux that ever requires a reboot.

Picture it this way, it's like reinstalling windows from 1000 miles away, with no monitor and no mouse. As such, I'm taking my time to make sure I do it right the first time, because once I reboot, if it doesn't come back up and let me log back in, then I have to nicely ask the people hosting it to go fix it. They of course, then ask me nicely to pay them good money for their time. :-)

[Kaspalian]

Argh - I completely forgot about the file permissions! It works fine now, thanks Xepher! And thanks for sorting all this out too... Good luck with the fixing.

[Databits]

Oh, a botnet... BLAH!

Yeah, but it's gotta be sourced from one person... whom should burn and suffer in a firey pit of damnation and fury.... or simple be thrown in prison for LIFE.

Honestly though, hackers... WHY? Why put your skills to such poor use like breaking into systems? Wouldn't it make more sense to develop something really clever that could actually be used and make millions?? No.. people are far too stupid to think about that aspect, they'd rather make others lives miserable for no reason at all.

[Xepher]

Okay, I have updated the kernel and rebooted the system. Now that the scary part is over, I feel a bit better. I've just turned on fail2ban, a script that will monitor login attempts and block anyone that fails 5 times. This script is new and in beta, so if you run into problems, let me know.

[Wart]

I thought there was a new kernel patch that allowed you to boot into the new kernel without really rebooting the system?

There was a question on Slashdot not too long ago about how to handle repeated log in attempts like this.. I think a lot of the suggestions were similar to what you've implemented though..

[Xepher]

Yes, there is a kernel-exec support, but that's... iffy. You still have to bring down the entire system to do it, it just saves you from having to run back through BIOS. That wasn't my worry. It was more that the new kernel would fail... that problem still happens if you use kexec.

As for blocking repeated logins, that should be up and going now.

[Xepher]

More software upgrades... and they changed the entire layout for the webserver configuration. As such, I had to rewrite most of it from scratch to match the new layout. I have, of course, been tweaking bits of this for the past 3 years, so it's possible I missed a few custom pieces here and there. Let me know if anything acts weird or broken.

[Databits]

The .htaccess file that was doign redirects via sub domains on my site isn't working correctly. As a matter of fact, even the direct url on the server seems to be broken. Not exactly sure what's going on, but I'm sure it's not the .htaccess file since I tested it by temporarily renaming it.

[Xepher]

Yeah, see the other thread about the overnight glitch. Bottom line, I'm working on it.

[Databits]

Ahh... when I logged into the forum this was the only one highlighted as new. I shall read the other!

[trekkie1701c]

Hey, Xepher, I just had an idea for preventing someone who's managed to hack the site from doing much damage - is there anything you could write that would prevent a user from changing a large amount of files within a short period of time (giving them an error if they try to edit more files than one would normally be able to edit in a short period of time - like 20 files in a minute, or something).  It's just an idea, and I'm sure there's probably some reason why you can't do it (I'm not very familiar with everything that Linux/Unix can do, nor am I familiar with servers in general), just figured I should at least suggest it.

[Tangle]

Hey, Xepher, I just had an idea for preventing someone who's managed to hack the site from doing much damage - is there anything you could write that would prevent a user from changing a large amount of files within a short period of time (giving them an error if they try to edit more files than one would normally be able to edit in a short period of time - like 20 files in a minute, or something).  It's just an idea, and I'm sure there's probably some reason why you can't do it (I'm not very familiar with everything that Linux/Unix can do, nor am I familiar with servers in general), just figured I should at least suggest it.

Ack, I regularly change/upload more than 20 files in one session, because I'm lazy and tend to update in clumps.

[Databits]

That wouldn't be a very good system to implement simply because of multiple factors. First off, as Tangle pointed out, some people update their sites often enough to make a lot of changes to things. This would hinder their efforts for effective updates quickly. Also, how would you apply this in terms of uploaded/created files via scripts? Like forums that allow users to upload avatars, or perhaps a comic strip script that lets you upload image pages or frames?

Also... what if you upload a script and find something needs to be fixed or tweaked?

All in all, I think it would cause more headaches than it's worth.

[Jaibyrd]

I know this probably sounds silly, but I wish we had some sort of "shield" to bounce back the bot attacks somehow and redirect it elsewhere.

And yes, people are dorkmeisters... =>.<=